vndb/mithril-vndb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Avoid triggering Object.prototype.__proto__ with keys (#2251)

Browse source 
This way, the diff algorithm works with untrusted keys.
This commit is contained in:
Isiah Meadows 2018-10-15 15:09:55 -04:00 committed by GitHub
parent d2ca44b693
commit 88b17c1c60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/change-log.md
View file

@ -59,6 +59,8 @@
- render/events: Event handlers, when set to literally `undefined` (or any non-function), are now correctly removed.
- render/hooks: fixed an ommission that caused `oninit` to be called unnecessarily in some cases [#1992](https://github.com/MithrilJS/mithril.js/issues/1992)
- docs: tweaks: ([#2104](https://github.com/MithrilJS/mithril.js/pull/2104) [@mikeyb](https://github.com/mikeyb), [#2205](https://github.com/MithrilJS/mithril.js/pull/2205), [@cavemansspa](https://github.com/cavemansspa))
- render/core: avoid touching `Object.prototype.__proto__` setter with `key: "__proto__"` in certain situations ([#2251](https://github.com/MithrilJS/mithril.js/pull/2251))
---
### v1.1.7

2
render/render.js
View file

@ -521,7 +521,7 @@ module.exports = function($window) {
}
}
function getKeyMap(vnodes, start, end) {
var map = {}
var map = Object.create(null)
for (; start < end; start++) {
var vnode = vnodes[start]
if (vnode != null) {

17
render/tests/test-updateNodes.js
View file

@ -264,6 +264,21 @@ o.spec("updateNodes", function() {
o(updated[2].dom.nodeName).equals("S")
o(updated[2].dom).equals(root.childNodes[2])
})
o("creates, deletes, reverses els at same time with '__proto__' key", function() {
var vnodes = [{tag: "a", key: "__proto__"}, {tag: "i", key: 3}, {tag: "b", key: 2}]
var updated = [{tag: "b", key: 2}, {tag: "a", key: "__proto__"}, {tag: "s", key: 4}]
render(root, vnodes)
render(root, updated)
o(root.childNodes.length).equals(3)
o(updated[0].dom.nodeName).equals("B")
o(updated[0].dom).equals(root.childNodes[0])
o(updated[1].dom.nodeName).equals("A")
o(updated[1].dom).equals(root.childNodes[1])
o(updated[2].dom.nodeName).equals("S")
o(updated[2].dom).equals(root.childNodes[2])
})
o("adds to empty array followed by el", function() {
var vnodes = [{tag: "[", key: 1, children: []}, {tag: "b", key: 2}]
var updated = [{tag: "[", key: 1, children: [{tag: "a"}]}, {tag: "b", key: 2}]
@ -1242,7 +1257,7 @@ o.spec("updateNodes", function() {
o(root.appendChild.callCount + root.insertBefore.callCount).equals(5)
o(tagNames).deepEquals(expectedTagNames)
})
components.forEach(function(cmp){
o.spec(cmp.kind, function(){
var createComponent = cmp.create